[ On Monday, July 15, 2002 at 18:42:15 (+0200), Thomas Klausner wrote: ]
> Subject: Re: removing vulnerable packages vs. marking them BROKEN (was: CVS commit: doc)
>
> On Mon, Jul 15, 2002 at 12:32:41PM -0400, Greg A. Woods wrote:
> > > Removed gnut [vulnerable and no newer version available]
> >
> > [[ that should be "net/gnut 0.4.20", right? :-) ]]
> >
> > (and there is a newer version available, 0.4.28 -- but presumably it's
> > still vulnerable)
>
> 0.4.28 is supposed to not be vulnerable. The homepage disappeared,
> though, and I didn't find a newer distfile than 0.4.27 (the last
> vulnerable version).
It's not exactly in the same place as it was (seems there might be a
symlink missing on the server). The new link is here on this page:
http://www.gnutelladev.com/source/gnut.html
The ChangeLog claims it's not yet released, but the above page says it
is (so I'd guess someone forgot to update the ChangeLog).
I don't know why Gnut is not on the http://www.gnutelliums.com/linux_unix/
page any more -- I'd suggest the "HOMEPAGE" be changed to the above if
anyone reactivates and updates this package....
> In general, I'm not opposed to marking packages as BROKEN, but if they
> stay BROKEN for too long, I am for removing them completely since
> there obviously is not enough interest in keeping them around.
I can't disagree with that! ;-)
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>